Search Results (470 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-11541 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-30 7.4 High
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.
CVE-2026-11594 1 Ibm 1 Websphere Application Server 2026-06-30 8.5 High
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.
CVE-2026-11546 1 Ibm 1 Websphere Application Server Liberty 2026-06-30 7.1 High
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.
CVE-2026-11595 1 Ibm 1 Websphere Application Server 2026-06-30 4.3 Medium
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system.
CVE-2026-11708 1 Ibm 1 Websphere Application Server 2026-06-30 9.3 Critical
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system.
CVE-2026-11712 1 Ibm 1 Websphere Application Server 2026-06-30 9.3 Critical
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.
CVE-2026-11714 1 Ibm 1 Websphere Application Server Liberty 2026-06-30 8.5 High
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.
CVE-2026-11806 1 Ibm 1 Websphere Application Server Liberty 2026-06-30 7.2 High
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.
CVE-2026-9006 1 Ibm 1 Websphere Application Server 2026-06-23 7.4 High
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.
CVE-2026-9071 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-23 7.5 High
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVE-2026-10845 1 Ibm 1 Websphere Application Server 2026-06-22 7.3 High
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.
CVE-2026-9320 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-22 5.9 Medium
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVE-2026-8646 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-22 7.4 High
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.
CVE-2026-8644 1 Ibm 1 Websphere Application Server 2026-06-04 9.1 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
CVE-2026-9319 1 Ibm 1 Websphere Application Server 2026-06-04 9 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
CVE-2026-9311 1 Ibm 1 Websphere Application Server 2026-06-04 9 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
CVE-2026-9330 1 Ibm 1 Websphere Application Server 2026-06-04 8.5 High
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
CVE-2026-8620 1 Ibm 3 Web Server Plug-ins For Websphere Application Server And Websphere Liberty, Web Server Plug Ins For Websphere Application Server And Websphere Liberty, Websphere Application Server 2026-06-02 7.5 High
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request.
CVE-2026-5516 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-02 4.4 Medium
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.
CVE-2026-4410 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-01 4.8 Medium
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.